Lucene search

[email protected]NVD:CVE-2019-25089

HistoryDec 27, 2022 - 12:15 p.m.

CVE-2019-25089

2022-12-2712:15:10

CWE-330

[email protected]

web.nvd.nist.gov

morgawr muon

remote code execution

vulnerability

version 0.2.0-indev

patch

insufficiently random values

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.4%

JSON

A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version 0.2.0-indev is able to address this issue. The name of the patch is c09ed972c020f759110c707b06ca2644f0bacd7f. It is recommended to upgrade the affected component. The identifier VDB-216877 was assigned to this vulnerability.

Affected configurations

Nvd

Node

muon_projectmuonMatch0.1.1

VendorProductVersionCPE
muon_projectmuon0.1.1cpe:2.3:a:muon_project:muon:0.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
muon_project	muon	0.1.1	cpe:2.3:a:muon_project:muon:0.1.1:::::::*

References

github.com/Morgawr/Muon/commit/c09ed972c020f759110c707b06ca2644f0bacd7f

github.com/Morgawr/Muon/issues/4

vuldb.com/?ctiid.216877

vuldb.com/?id.216877

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.4%

JSON

Related for NVD:CVE-2019-25089

vulnrichment1 cve1 cvelist1 prion1 osv1